Partner Privacy Notice
Purpose
This Privacy Notice explains how Acclaro collects, uses, shares, and protects Partner’s Personal Data in connection with the Framework Services Agreement (“FSA”) and forms an integral part of any associated contractual document between the parties, including the FSA. In this regard, Acclaro is considered a Data Controller.
Please note that this Privacy Notice applies only to Acclaro’s own systems and Platforms operated by Acclaro (including Acclaro’s Partner Database and WordsOnline). It does not apply to websites, tools, or platforms developed or operated by Acclaro’s Clients or other third parties. Partners are encouraged to review the privacy policies of any third-party systems they may be asked to use when providing Services.
Definitions
For the purposes of this Privacy Notice, “Acclaro” or “Acclaro Group” means Acclaro Belgium and its Affiliates, including Acclaro US, as defined in the Framework Services Agreement.
“Data Protection Laws” means all applicable laws and regulations in any jurisdiction, as revised from time to time, related to data protection, data privacy and data security with regard to Personal Data Processed under or in connection with this Privacy Notice, including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the United Kingdom’s General Data Protection Regulation (“UK GDPR”), Switzerland’s Federal Act on Data Protection (“FADP”), the California Consumer Privacy Act of 2018 including its regulations and amendments made by the California Privacy Rights Act of 2020 (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Oregon Consumer Privacy Act (“OCPA”), the Texas Data Privacy and Security Act (“TXDPSA”), and the Montana Consumer Data Privacy Act (“MTCDPA”), the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any applicable provincial privacy laws in Canada, and the Privacy Act 1988 (“Privacy Act”) and any relevant state laws in Australia.
“Personal Data” means “personal data”, “personal information” or any information relating to an identified or identifiable individual or device as defined under Data Protection Laws.
Personal data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from systems or equipment such as access passes within a building, performance data relating to work activities and sound and image data such as CCTV and photographs (where applicable).
“Process” (and the related terms “Processes” and “Processing”) shall have the same meaning as defined under Data Protection Laws.
All other defined terms from Data Protection Laws that appear in this Privacy Notice such as “business,” “business purposes,” “commercial purposes,” “collect,” “consumer,” “data controller,” “data processor,” “de-identified data,” “sell,” “sensitive personal information,” “service provider,” “share,” and “special categories of personal data” shall have the same meaning ascribed to them in the relevant Data Protection Law.
We use the word “you” to refer to anyone within the scope of this Privacy Notice.
Capitalized terms used but not defined in this Privacy Notice shall have the meanings assigned to them in the FSA.
Legal grounds for processing Personal Data
What are the grounds for processing?
We process Personal Data on the following legal grounds, as defined under Data Protection Laws:
| Term | Ground for processing | Explanation |
| Contract | Processing necessary to perform a contract with the Partner or take steps prior to entering into one. | This covers carrying out our contractual duties and exercising our contractual rights. |
| Legal obligation | Processing necessary to comply with our legal obligations | Ensuring we perform our legal and regulatory obligations (e.g., accounting, tax, or regulatory duties). |
| Legitimate Interests | Processing necessary for our or a third party’s legitimate interests | We (and third parties) have legitimate interests in carrying out, managing and administering our respective businesses. Part of managing a business will involve the processing of your personal data. Your data will not be processed if, in processing your data, your interests, rights and freedoms related to the data override the business’ interests in processing the data for business purposes. |
| Consent | You have given specific consent to processing your data | Where applicable, we may rely on your explicit consent for certain types of processing. You can withdraw your consent at any time. |
Processing sensitive Personal Data
We do not intentionally collect or process sensitive Personal Data in our relationship with Partners unless:
- You have voluntarily provided such data for a specific purpose and given your explicit consent.
- Processing is required to establish, exercise or defend legal claims.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as necessary:
- Encryption of data.
- Ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems.
- Regular testing and evaluation of technical and organizational measures for ensuring the security of processing.
- Building data protection into our systems.
- Never uploading data to a cloud provider without prior approval and risk assessment.
- Undertaking privacy impact assessments where new data processing initiatives have been identified and there is likely to be a high risk to privacy
What Personal Data we process and why?
The purposes for which we process your Personal Data, examples of the Personal Data that may be processed, and the grounds on which we process it, are set out in the table below.
The examples in the table are illustrative and not exhaustive.
| Purpose | Examples of personal data that may be processed | Grounds for processing |
| Onboarding and vetting of Partners | Name, contact information, address, CVs (including languages, qualifications and skills), tax ID numbers, documentation for KYC/AML compliance, references, credentials. | Contract Legal obligation Legitimate interests |
| Managing Partner relationship | Contact details, payment data, service records, communication history. | Contract Legitimate interests |
| Communication | Emails, phone calls, online messaging related to project coordination, instructions, or performance. | Legitimate interests |
| Contractual and payment administration | Invoicing information, payment records, financial details, bank account info. | Contract Legal obligation |
| IT access and system security | Log data, usernames, access logs, system usage metrics, including our computers, phones and other devices and our Platforms, such as WordsOnline. | Legal obligation Legitimate interests |
| Quality control, compliance, and audits | Communications, deliverables, performance reports, audit trails. | Legal obligation Legitimate interests |
| Legal claims and dispute resolution | Any information relevant to defending or pursuing legal claims. | Legal obligation Legitimate interests |
| Marketing and business development | Name, professional role, business contact details, communications | Legitimate interests |
| Security and access management | CCTV (where applicable), access records, facility entry/exit logs. | Legitimate interests |
| Monitoring and investigating compliance with policies and rules – both generally and specifically | We expect Partners to comply with our policies and rules and may monitor our systems to check compliance. We may also have specific concerns about compliance and check system and other data to look into those concerns (e.g. login records, records of usage and documents, CCTV images). | Legitimate interests |
| IT technical support, back up and disaster recovery | Any information required to notify you of and/or to resolve the technical difficulty experienced. | Legitimate interests |
| Semi-automated decision-making and resource allocation (human oversight) | Name, performance ratings, pricing information, historical task data | Legitimate interests |
| Performance reporting | Names, language allocation, performance data, project involvement: · visible internally for monitoring purposes, · aggregated or pseudonymized when shared externally (e.g., client dashboards) | Legitimate interests |
Without your acknowledgment of consent, we may be unable to manage your engagement effectively which could impact payments and compliance with regulatory requirements.
If you have any concerns please contact your Acclaro representative or [email protected].
Use of Personal Data in AI Services
Currently, Acclaro does not use supplier Personal Data in connection with AI tools or services, including model training or performance analytics.
Should this change in the future, Acclaro will ensure that:
- Data Anonymization or Pseudonymization: Any Personal Data used in AI-related processes will be anonymized and/or pseudonymized prior to use, where applicable, to minimize the risk of re-identification.
- Explicit Consent: Where identifiable Personal Data is used in AI systems, Acclaro will seek explicit, informed consent from the data subject before such processing occurs. Consent may be withdrawn at any time.
Sources of Personal Data
Most of the Personal Data we process is provided directly by you or your employer (our Partner), such as when entering into a contract, exchanging emails, or submitting documentation.
We may also collect data from:
- Publicly available sources (e.g., websites, professional platforms)
- Background check providers (where applicable)
- Clients or collaborators who interact with you during service delivery
- Our IT systems
Who gets to see your Personal Data?
Internal use
Access to your Personal Data is limited to authorized personnel within Acclaro and, where applicable, its Affiliates, on a strict need-to-know basis in order to fulfil the purposes described above. This includes staff in departments such as Human Resources, Finance, Legal, Vendor Management, Project Management, and IT, who require access in order to manage our relationship with you and perform administrative or operational tasks.
Your Personal Data may be shared with Acclaro’s Affiliates, located in the European Union or the United States, where necessary for global business operations or to ensure compliance with applicable laws.
External use
We only disclose your Personal Data outside the Acclaro Group where the disclosure is consistent with a valid legal basis for processing, and where it is lawful, fair, and proportionate.
Clients
We may share limited professional information (such as your name, language qualifications, or relevant experience) with Clients, when necessary to demonstrate your suitability for a specific project, and in line with our contractual obligations.
Service Providers
We may share your Personal Data with trusted third-party service providers who support our operations, such as communication platforms, accounting systems, payment processors, or translation management systems. These providers act on our instructions, and we require them to implement appropriate security and confidentiality measures.
Others
We may also disclose your Personal Data:
- when you have provided your consent;
- when required by applicable law, regulation, legal process, or a binding governmental request;
- when necessary to establish, exercise, or defend legal claims.
How long we keep your Personal Data?
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting obligations, to resolve disputes, or to enforce our agreements.
The specific retention period depends on the nature of the Personal Data and the context in which we collect it. In general:
- Operational and contact information (e.g., name, email, language qualifications, and work history) is retained for the duration of our business relationship and for a reasonable period thereafter, typically up to 5 years, unless a longer period is required by applicable law.
- Financial records (e.g., invoices and payment information) are retained in accordance with applicable accounting and tax requirements, typically for 7 to 10 years depending on the jurisdiction.
- Communications and correspondence (e.g., project-related emails, messages, and deliverables) may be retained for up to 5 years following the conclusion of a project to support operational continuity and legal claims.
Once your Personal Data is no longer required for these purposes, we will delete or anonymize it in a secure manner, in accordance with our internal procedures and applicable Data Protection Laws.
Because Acclaro operates globally, specific retention periods may vary depending on the Acclaro entity you engage with and the applicable legal requirements in that jurisdiction.
International data transfers
Because Acclaro operates globally, your Personal Data may be transferred to and processed in countries outside of your country of residence, including jurisdictions that may not provide the same level of data protection as your local laws.
This includes transfers:
- Within the Acclaro Group (i.e., between Acclaro Belgium, Acclaro US, and their respective Affiliates),
- To trusted third-party service providers who support Acclaro’s business operations (such as hosting, payment processing, or communication platforms).
Where such transfers involve Personal Data subject to the General Data Protection Regulation (GDPR), the UK GDPR, or other applicable Data Protection Laws, Acclaro ensures that appropriate safeguards are implemented in accordance with those laws.
These safeguards may include:
- Transfers to countries recognized by the European Commission or UK Government as providing an adequate level of protection;
- The use of Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO.
You can request further information on the safeguards we use for international transfers, including a copy of the applicable clauses, by contacting us at [email protected].
Access to your Personal Data and other rights
You have certain rights in relation to your Personal Data, subject to applicable Data Protection Laws. These may include the right to:
- Access the Personal Data we hold about you (commonly known as a “data subject access request”),
- Request correction of inaccurate or incomplete data,
- Request erasure of your data in certain circumstances,
- Object to or request restriction of processing,
- Receive a copy of your data in a structured, commonly used, and machine-readable format (“data portability”),
- Withdraw consent at any time where we rely on your consent to process your data (without affecting the lawfulness of prior processing).
To exercise your rights or request information about how we process your data, please contact us at [email protected]. We may need to verify your identity before responding.
Complaints
If you have concerns about how your Personal Data is handled, we encourage you to contact us first at [email protected]. You also have the right to lodge a complaint with a data protection authority in your country or where you believe a breach of data protection law has occurred.
